“I am calling you from Windows”: A tech support scammer dials Ars Technica

When the call came yesterday morning, I assumed at first I was being trolled—it was just too perfect to be true. My phone showed only "Private Caller" and, when I answered out of curiosity, I was connected to "John," a young man with a clear Indian accent who said he was calling from "Windows Technical Support." My computer, he told me, had alerted him that it was infested with viruses. He wanted to show me the problem—then charge me to fix it.

This scam itself is a few years old now, but I had not personally received one of the calls until yesterday—the very day that the Federal Trade Commission (FTC) announced a major crackdown on such "boiler room" call center operations. The very day that six civil lawsuits were filed against the top practitioners. The very day on which I had just finished speaking with Ars IT reporter Jon Brodkin, who spent the morning on an FTC conference call about this exact issue. And here were the scammers on the other end of the line, in what could only be a cosmic coincidence.

I walked around my office with the phone against my ear, then settled into my desk chair and put the call on speakerphone. I wanted to know just what it felt like to be on the receiving end of such a call. I wanted to know how a group of scammers half a world away convinced random and often tech-illiterate people to do things like run the built-in Windows Event Viewer, then connect to a website, download software, and install it (together, no easy feat for many mainstream users). I wanted to know just how the scammers eventually convinced their marks to open up remote control of their PCs to strangers who had just called them on the telephone.

So I played along—which was difficult without a Windows PC in my office. To buy time, I told the scammer that I was waiting for my nonexistent computer to "boot up," then sent a furious blast of instant messages to Brodkin, asking him to do whatever the scammer told me to do and report back on the results. Luckily he was at his computer and immediately agreed—and we were off.

Typing, furiously

The scammer got right to it, as though it were a common thing for unknown callers to have me start rooting around inside my computer. I was immediately ordered to go to the Windows Start menu, then to right-click on "Computer."

"Can you tell me what options are you getting?" said the scammer.

"Ummm... just a second."

Furious typing followed, which must have been plainly audible, as I passed the instructions to Brodkin. Who knows what the scammer thought of this. It must have been clear that at the very least I was a serious incompetent who, when ordered to click some simple mouse buttons, instead began typing the Great American Novel. Yet my scammer showed a patience I had not expected.

"Maybe I'm not clicking on the right thing," I said in an effort to buy more time as Brodkin fired up a Windows virtual machine. "Where is it, on the Start menu?"

The scammer explained it all again. I was to right-click on Computer and tell him what I saw. I began to wonder just how long he would stay on the line without me providing a response when Brodkin got the VM running and typed back the correct responses. I passed them along.

"OK, it says Open or Manage," I said.

I was told to double-click Manage, then to select the Event Viewer from the Computer Management window that appeared.

"Below the Event Viewer, what options can you see?" my scammer asked.

(More furious typing.)

I knew already a key part of the scam involved showing people innocent error messages in the Windows Event Viewer, then trying to convince them these were caused by a virus. So I decided to guess what I should be seeing—and I got it wrong.

"I see a list of these different warnings or something. I dunno."

"No, sir, you have to double left click on Event Viewer. Just do it again."

Brodkin came through with the answers. "Okay, it says Custom Views, Windows Logs, Applications, and Settings," I said, reading right out of my instant messaging client.

"Yeah. Yeah. You have to double left click on Windows Logs, all right?"

"Okay, doing it."

"And below the Windows Logs, what options can you see?"

(Even more furious typing. That novel was really coming along now by the sound of things.)

"What options are you getting?" he repeated.

"Applications, Security Setups, Forwarded Events..." I said at last.

"Yeah, that's correct. You have to double left click on Applications, OK? And now what can you see from your computer screen?"

Because my scammer appeared to be a man of infinite patience, I simply waited ten seconds in silence and then repeated stupidly, "What can I see?"

"Yeah. what can you see?"

Scary errors in the Windows Event Viewer.

Brodkin's instant messages arrived, telling me that I was in fact seeing an error message.

"Um, I see some kind of error message."

"Yeah. These are the error messages which we get through your computer by date and time. This is the application part of your computer, OK? Let me check the system part of your computer, OK? Look at the right hand side—there's an option for Filter Current Log. Can you see Filter Current Log? Yeah, you have to double left click on Filter Current Log, OK? And there's a new box that came on your screen, and you have to check mark the options 'critical warning' and 'error.'"

"OK."

(But instead of clicking anything, I am of course typing to Brodkin. Furiously. The clack of the keys seems unbearably loud. Isn't he getting suspicious?)

"OK... Clicking 'critical warning' and 'error'... now it says 'warning and error.'" I had no idea if this even made sense, but it was what Brodkin had typed, and the scammer seemed to accept it.

"Yeah. Sir, these are the [garbled] viruses in your computer. They may harm your computer at any point of time. And these viruses are corrupting your data and using your personal information like that. So do one thing: can you try to delete any error, any warning?"

"Any one of them?"

"Yeah. Is it deleted or not?"

"How do I delete it?" I asked, not having done anything. But my scammer's patience was starting to slip. He simply went on as though I was in fact looking at a scary list of errors that could not be removed.

"It's not deleting," he informed me. "Yeah, sir, these are un-deletable viruses."

"I am calling you from Windows"

The main website.

The scammer then directed me to "open your Internet Explorer" and visit a specific website. It was a basic free-to-create website labelled "Windows PC Tech Support." The company behind it, said the site's front page, had "deep experience in a full balance of practice areas. All working in cycle, at one place." Well—I like working in cycles, at one place, so this all sounded fine.

I told my scammer that the page had loaded. He directed me past the "About Us" tab ("At ALL times we hold the highest ethics and quality is the pre-requisite of everything we do") and past the "Services" tab ("So just come out of a doubtful and unsure situation and call for a support package") and over to "Instant Support."

The instant support page showed four links: Ammyy V3, Ammyy V2, TeamViewer, and ShowMyPC. All four pieces of software allow another machine to access your computer directly, across the Internet, for all sorts of quite legal and useful reasons. But they also make it simple for a cold-caller from India to rule your computer by tricking you into giving him permission to do so.

"You have to click on Ammyy V2," said my scammer. "And there is a new box which says run, save, or cancel. You have to click on run, OK?"

Come on—he was going to have work a little bit harder than that.

"Well, I don't know much about computers," I said, "but I know that I don't want—I dunno—just software from the Internet running on my computer."

"Sir, it's a connecting software to help you out, OK?" he said.

"Well, but... who are you with, again?"

"Sir, my name is John. I am calling you from Windows, OK?"

"What do you mean you're calling me from Windows?"

"Sir, because we are getting some information and warning like that. So click on 'run.'"

I wanted to see more of this process unfold, so I asked him to "tell me how to do it on my computer and I'll just do it. You can walk me through the steps."

"Sir, you are the Windows customer and you are registered here in Windows Company so that's why we are calling you," he said, one of several incongruous responses that made me feel like I was speaking with a chat bot instead of a human being. We continued:

"I'm sorry, I don't know anything about a 'Windows Company.' Do you mean Microsoft?"
"No, it's not a Microsoft, it's a Windows Technical Department, OK? And I am the Windows technical provider to help you out, OK?"
"OK, but I'm still... I didn't call you, you called me, so it seems kind of strange. I don't know if I want to let some program run on my computer."
"Sir, we are getting some information from your computer, some harmful information because these informations are damaging the [garbled] and some important [garbled] like that."
"You mean, I have viruses in my computer and you know about it somehow?"
"Yeah. Yeah."
"Wow."

Again he asked me to click "run." He was quite insistent on the point, coming back to it immediately every time the conversation veered away. Just. Click. Run.

So here it was—decision time. Was I willing to turn Brodkin's Windows install over to "John" from "Windows Technical Support" in order to clear it of the many viruses the Event Viewer showed? I decided that I was—in the name of journalism, of course.

"The line" is drawn here.

The manager

But Brodkin wasn't. "Not sure I trust this!" he IMed me. "I don't want to let them into my PC. I draw the line there."

VM or no VM, he didn't want strange people controlling his main work computer, which was probably just as well. With the line drawn and little more to gain from the phone encounter, I switched gears. "So you're aware that this is a scam that you're pulling, right?" I said. "And that the US government has announced today a huge crackdown on exactly what you're doing?"

I expected John to hang up; clearly, I knew about his game. But he didn't miss a beat.

"No sir, I assure you, sir, it's not a scam. You can talk to my manager. I'm calling you from Windows."

"Oh, okay," I said; I mean, the guy was calling me from Windows. "Can I talk to your manager just to make sure?"

After a few seconds, another voice came on the line. He was the manager, he told me, and he laid out the whole situation.

"Sir, let me tell you, like when you buy an operating system like Microsoft Windows, we are the one who are able to provide the technical support regarding this operating system, OK? Microsoft never provides support for the Windows operating system and we are having official [garbled] of Microsoft, and that's why you are receiving this call."

"So you're like partners with them, you help them do support?" I asked.

"Right. And that's why my colleague has given you a call, because your computer was full of viruses. Whenever you are going on Internet, you are getting the viruses from the Internet. And you have also noticed that for the past few weeks your computer has been running a bit slow, right?"

"Yeah, it's been really slow," I agreed.

"That is all because of the viruses, sir... We are going to tell you how you can rectify all these problems from the computer."

I knew exactly how the problem would eventually be "rectified"—with my credit card. One Ars reader noted just how bad the situation could get when commenting on the FTC crackdown, writing, "One of my clients fell for this scam. Unfortunately, he paid over $500 to the scammers. When he refused to pay any more, they actually locked the computer, told him he wouldn't be able to use his computer anymore, and hung up on him."

With the call quickly coming to the end of its useful life, I decided to switch gears one last time.

"So are these viruses that I could get on a Mac or this is only on my Windows computers?"
"This is only for the Windows operating system. Viruses are not there in Macs. Mac is a virus-free edition."
"Oh, okay, it's a virus free edition."
"Right. Mac doesn't have viruses. Viruses are only there for Windows PCs."
"I have a question for you, then. I don't actually have any Windows PCs, I only run Macs. So I'm wondering how you found out I had viruses?"
"No, no. I think that you are having a partition of a Windows operating system in a Macintosh."
"No, I don't think so."
(Pause.)
"You are using Mac?"
"Let's be honest here. You guys are scamming me, and the US government just announced a major crackdown today on exactly what you guys are doing and I just wondered if you had any comment about that?... Hello?"

And with that, he was gone, having better sense than to waste any more time on me. No wonder he was the manager.

Calling Do Not Call

Such scams have proliferated around the globe, and their operators aren't very creative; many of them use nearly identical pitches. It can't be a fun job; an entire amateur industry has arisen around trolling the scammers, as did Australian Troy Hunt, who earlier this year set up a Windows virtual machine with the Dutch language selected just to see what would happen when he actually gave control of the machine to the scammers. (Hunt also tracked down and did an interview with the person behind one of the companies alleged to be a leader in this sort of activity; the man denied knowing anything about it.)

The scams have cost people around the world quite a bit of money, with scammers asking anywhere from $49 to $450 to fix the nonexistent problems they discover. The calls appear to be largely about making money, but there's no reason that such powerful remote access could not be used to install malware, build up botnets, participate in denial of service attacks, or steal personal information.

The companies behind such calls generally show a total disregard for local laws against telemarketing, but they aren't the only ones to do so. Just today I received two automated recordings, which also ignored the Do Not Call list here in the US, pitching me on the old "Card Member Services" scam and something separate involving home break-ins and security. While Do Not Call laws have stopped most reputable companies from harassing people over the telephone, they have had only limited effect against those whose reputation can't go any lower.

While the entire call seemed farcical—who would possibly fall for this?—people clearly do, all the time. Sure, it wasn't going to work on me, but I could easily imagine several members of my own extended family who might have had a harder time recognizing the fact that this was not legitimate.

The clear sense of impunity felt by the scammers was enraging. I had wasted a few minutes of his time, but who cared? Even now John was on to his next mark, ready to rope in the "manager" when needed, ready to lie about the Windows Event Log, ready to demand that someone just click "run." He may have assumed that no police officer would come knocking on the boiler room door; hopefully, yesterday's international enforcement efforts will at least sow the seed of doubt.

1. I have gotten repeated calls from Computer Technical Services, similar opening pitch. I hang up, but have been curious how the scam unfolds.

2. I did not know about event viewer. I followed the instructions, looked at the errors, and got info on a lockup problem involving mv91xx.sys. I am following up to see if I can get a new driver that will work better.

So the irony is that their scam call may help me fix a real problem ;-).

288 Reader Comments

I got them to hang up the first time they called me, after they put the "manager" on, by asking them how they got my phone number. He immediately hung up.

They actually called me back after that and I got rid of them for good by telling them I knew they were a scam and if they wanted to I could play along for 20 minutes but actually do nothing and waste 20 minutes of their time. When the guy said "no, we're not a scam!" I said okay, it's your time you're wasting, as I won't actually do anything to allow you access to my computer. He hung up after thinking for 2 seconds and they never called me again.

I wonder if the U.S. gov. will use anything like the resources it used in the MU/KDC case to bring down these guys. That would be a useful exercise of authority and I would actually applaud them.

Kudos for your patience.I wouldn't get further than "Fuck you, I use debian."

I told them that (more politely) -- they didn't have a clue why that was an issue. I guess they had no idea that Debian was Linux, or even (when I pointed that out) that Linux isn't some sort of Windows program.

Well, not the first two or three times (Yes, they kept calling, every week or two). But I guess they're getting savvier. The last time, someone did actually understand what my reference to "Iceweasel" web-browser meant -- the line went dead, and they haven't called me since.

I don't claim to be really really smart. But I am certifiably paranoid. If I don't know the number or the name, I don't answer simple as that. While I do have a sense of humour I can't see wasting the time to play with these people. In my area there's a scam going on with the natural gas providers trying to scam people into buying new furnaces. They're doing it by phone and coming to the door with their clipboards, asking to see my gas bill. I'm actually amazed by the ones who don't understand "Fuck Off" when I say it to their faces.

I received a call from one of these about a month ago. I recognized it as a scam and proceeded to waste nearly 30 mins of this gentleman's time as my wife listened on and chuckled. When I finally let on that I knew it was a scam, I was promptly told "F*%@ You" and hung up on.

That's fine, you don't have to believe me. Clearly, you know my setup and my hardware better than I do.

Sorry to come across as so snarky, but you didn't really give an explanation - I can only go by what you said. I mean, you had the guy on speaker phone so it's not like you had only one hand or something limiting.

It actually sounded like you'd rather risk Brodkin's machine rather than your own!

If I don't know the number or the name, I don't answer simple as that.

Why are you so scared of a phonecall? Did you watch too many slasher movies in the 80's?

When calling from work I usually come up as a private number (and for a while I had VoIP issues at home and came up as a private number). It infuriates me that virtually none of my paranoid friends will answer the phone. I mean for fucks sake, what did they do throughout the 80's and 90's? Never answer a fucking phone? What's the point in having a phone you won't answer?

We've been getting a lot of these calls in Australia, to the point where I now have a whistle next to the phone. String the talker along a bit, start talking a little quieter so they turn up the volume on their end... and then - loud whistle directly into the mouthpiece.

Of course, I've also done the "You'll have to talk to my wife, I'll just get her" (put the phone down and see how long they wait), and the "Windows on my Mac?".

As we're a company who *does* provide windows tech support, the conversation generally goes like this

"I'm calling from Windows Tech Support"

"Ahh,yes, you've called Windows Tech Support, can I have your account number please?"

"what account, sir I'm calling from windows tech support"

"yes, that's right, you've called windows tech support, we provide tech support for windows, can I have your account number, or if you don't have an account, we take mastercard, amex or visa, which would you prefer?

So Nate made an audio recording of a phone call without getting permission of the other party? What state does he live in, by the way?

"A friends in laws fell for this, my own sister in law had the sense to text me to get my go ahead to let them in her computer, and even when I told her it was a scam she tried to argue that they seemed genuine."

In Japan where I am this happens with bank transfer scams. Someone will call an elderly person claiming to be the grandson who desperately needs money. She'll go to the bank to make the transfer, and the teller and bank manager will tell her it's a scam, but she'll say, "I don't care, I want to make the transfer, it's my money!" They often have to get a cop in from the local koban to slap some sense into her and contact her children before she empties her bank account. There was something on the news about how aging brains can fall for stuff even when they know on some level that it's a scam.

My grandma fell prey to the scam you've described, she called me one day and said "You said you were going to call me when you got to Trevor's house" I thought she lost her mind, but a scammer had convinced her that they were me, and had spun an elaborate tale of me being in trouble in Canada. "Grandma, I've never even been to Canada..." It was heart-breaking, the people at Western Union tried to tell her it was likely a scam but she was convinced she had been talking to me.

Here's an interesting question I've never been able to find a clear answer on, if you call, say, At&t, and they tell you the call is being recorded, can you then record it from your side without telling them? After all, the already know the call is being recorded.

I've gone here before a few times (in a Windows XP VM on my wife's MacBook). I've had them ring me 4 or so times now. They claimed to be a Microsoft certified company (who's name I forgot, sorry). If you tell them you have a Mac they hang up instantly.

First they told me that my IP address had appeared on their system as having a virus. When I asked them what my IP address was, they told me that the technician in the other room had it, but the person speaking to me didn't know it. When I asked them how they got my phone number from my IP address, they told me that Microsoft gave it to them. When I questioned this saying Microsoft didn't have my IP and phone number on record, they said my ISP gave it to them. I gave up and continued anyway.

They told me to go to Event Viewer, showed me a long list of warnings and critical errors. First they showed me the Application Errors, but informed me not to click on them, just view them. Then, they told me to see the System Errors, and once again, not to click on any of them, lest I break my computer. I "accidentally" clicked on one and it said that Windows had been shut down without restarting in the past sometime, which I said didn't sound that serious, but they assured me that clicking on these logs was dangerous and that they were serious errors.

Once, they had "convinced" me that I had serious errors on my computer, they tried to get me to download a program and run it. I told them that I didn't trust who the company was, and so I googled them whilst on the phone. The top google hits for the company said how they are a scam. Their response:

"Oh sir, people write things on the Internet all the time. If you search for Microsoft you will find people write that "Microsoft is a scam" because they don't like Microsoft and they like Apple computers. You can't trust what people say on the Internet."

After much to-and-fro I eventually gave up, but they stuck to their stories pretty hard, even when I pointed all the holes in them. Trust me, if they think you're no technologically literate, they'll give you all the time you need to start your VM. "Oh, I'm just turning my computer on. Give me a minute…"

Someone like this called my girlfriend's work a couple months ago. They were thankfully smart enough to know it was a scan and hung up. They got a couple more calls over the next month or so, 'downloading over 3000 viruses' etc. Until my girlfriend got to answer the phone, "I'm sorry, we use Linux." *click*It still makes me grin.

I saw a promoted comment talking about getting their IP address when they connect to your PC. Is it just open season on them or are there international laws protecting them if I decide I want to fire up the backtrack VM that's next to all of my Windows VMs? Not that I could do much, but I've never tried and it might be fun to see how far I got.

I have had a few of my customers call me about these calls, the scammers who have called my customers have always claimed to be from Microsoft, so that's an interesting twist.

I of course am an MCP/MC-ITP myself, and my customers know to ask for their MCP number and how to verify it online, they sometimes call to have me check that there is nothing on their computer that would be telling the scammers how to contact them, but I find this is largely a misuse of the DNC lists. I'm still waiting for the day I get my call.

Of course the next logical step in these websites is to exploit the latest Java based full-control drive-by attack on their home page, it quietly self installs while they have you read the page and go to the connecting software, at which point if they get you as far as the website as you went, it's a moot point whether you actually let them in with one of the desktop support tools or not.

I should set-up a VM in my lab environment to accept these connections. (I have a 6PC Virtual lab at home for testing and learning on windows servers.) I wonder how they might react when I log them in to a 2008 or 2012 server edition VM configured as an AD Domain Controller and Certificate Server.

Of course the next logical step in these websites is to exploit the latest Java based full-control drive-by attack on their home page, it quietly self installs while they have you read the page and go to the connecting software, at which point if they get you as far as the website as you went, it's a moot point whether you actually let them in with one of the desktop support tools or not.

I'm not sure this would be much benefit to them. It would get their site tagged as an attack site and auto-blocked in chrome, which would immediately cost them some "customers."

Aside from the remote possibility of actually getting some people who know it is a scam but play along anyway, I don't see how it would benefit them. If they have the person hooked long enough to go to the website, I doubt they lose many people installing the software.

It's interesting to see this is not just limited to UK.I used to get these calls twice a day, from Indian call centers (from their accent). It gets annoying to a point that every time I hear someone with Indian accent on the phone I hang up, no racism intended.

They use the same tactics, show you the event viewer, then ask you to install some remote PC control software.They claim to record spurious activities of your IP on their log citing virii or trojans on your PC.

The first time I hear that I knew it's a scam as they'd need a court order to get my phone number associated with my IP unless they are calling from the ISP.

I'm an IT consultant and have received calls from clients who have just finished a call with "John". Fortunately, most smelled the bad odor and hung-up and called me just to be sure it was a scam. But others fell for it hook, line, and sinker then needed me to clean up the mess.

Sadly, phishing scams like this are more common than ever, but it's not a new scam. People have been receiving scam calls from the IRS, the FBI, faraway officers of the court asking for bail money on behalf of an arrested friend or relative, the list goes on and on -- just like the Energizer bunny.

There's an amateur collection of vigilantes over at www.419eater.com that does exactly what our story's author did -- baiting the scammers. It's fun to read.

If I don't know the number or the name, I don't answer simple as that.

Why are you so scared of a phonecall? Did you watch too many slasher movies in the 80's?

When calling from work I usually come up as a private number (and for a while I had VoIP issues at home and came up as a private number). It infuriates me that virtually none of my paranoid friends will answer the phone. I mean for fucks sake, what did they do throughout the 80's and 90's? Never answer a fucking phone? What's the point in having a phone you won't answer?

I usually let the answering machine get it since we get calls all the time from political polls. Also, no caller ID as my phone company charges extra for it and I'll be damned if I pay an extra $2 a month for it.

If you do it right they call back just screaming and swearing at you - then after the 5th calll back, I start playing some east indain music in to the phone and then unplug it when I get bored.

You missed a trick! You know they are from India but ask them what the weather is like in Pakistan or where in Pakistan they are from. Indians positively hate being associated with Pakistan in any kind of way.

Also in your VM make your desktop background something like two men having really rough sex with each other before giving in to the remote control install. That does not go down well for their religion.

Here's an interesting question I've never been able to find a clear answer on, if you call, say, At&t, and they tell you the call is being recorded, can you then record it from your side without telling them? After all, the already know the call is being recorded.

I was thinking about that as well, consent has been given to record, so I think it's immaterial who does the actual recording.

What I still didn't get is: how do they make you use your credit card (assuming off course that you didn't store it somewhere on your PC, off course)? Do they "lock" your computer and then tell you to pay whatever amount, so they unlock it? Or do they tell you "Ok, we're done, your computer is now "virus free editioned", please pay us whatever amount."?

Or how do they make people pay?

Oh I wish I would get such a call, I'd love to play the most stupid user there is ("I have to open the window? Ok wait... ok, I'm back, fresh air is now coming into my room. What next?"), install their "lock the computer" kit in the end and then tell them: "Oh, my computer is now locked? Just let me revert to the last safe-point of my test VM, so you can try again, boy!"

Here's one where the user does just that. "I don't get it, I'm looking out my windows right now and they look fine!"

While, to my knowledge, we've never gotten one of these, my wife developed a remarkable way to get rid of insistent telemarketers, salesmen, donation drives, etc.

She's polite at first, telling them that she's not interested, and all. And some stop there, but there are those callers that won't take no for an answer. So she tells them again. Still on? She begins to only say the word:

"Beans."

...Uhh ..no, Ma'am, you don't have to commit to anything, can I just put you down for $10?

"Beans."

"I... um, just $10 will help... eeehhr, get our class participation to 80%! We understand the economy isn't the best right"

I played along for a few questions, but then just flat out said "I'm curious, what does your mother think of you trying to scam people out of money?"

"Oh, no sir, this is no scam. (blah, blah, blah.)

"No, really, you and I both know this is a scam. I'm really just curious, do you sleep well at night, knowing what you did to scam people out of money?"

"Nono, not a scam, sir" .. I repeat, "no, serious, I know this is a scam, what does your mother think?"

Then he says in his humorous Indian accent "F*** you, sir." I immediately started laughing. "Really? That's all you got?" "Yes, f*** you sir." But he didn't hang up. I laughed more.

"No need to get vulgar, I was just curious, I thought maybe you'd tell me how you feel about scamming people, we're just two guys on a phone call, thought you might want to open up to a stranger." He gave me a few more f-bombs while I giggled, then hung up.

Last week I encountered this exact same scam, with some hilarious variations.

I got a call from "Windows Tech Support" telling me I had viruses on my computer and had only 30 minutes to fix them before they erased all my data. Being a Debian user, I almost fell out of my chair laughing, but managed to pull myself together quickly enough to boot up my Win7 machine and see how deep the rabbit hole went.

First, I told him my name was John Smith. He told me he was going to transfer me to one of their "virus support experts" and did so.Said "Expert" introduced himself -- get this -- as John Smith.I couldn't believe it. I continued to play along.

The "Expert" directed me to install TeamViewer, which I did. I let him into my PC and watched him open Event Viewer and show me all the messages. While he was telling me about the dangers of all the harmless debug messages in Event Viewer I pulled up an elevated command prompt, ran "netstat" and copied down the results. By then he had stopped talking and was asking me what I was doing. I told him I was "backtracing" him and that I was "behind 7 proxies". I also told him I worked for the FBI as a DBA (none of which has a shred of truth). He told me he was only 17 and had been working at the company for just 14 days. I asked him where they were based out of and he told me Orlando.

I asked to speak to his manager, and was transferred. I told him what they were doing was illegal. He asked me what part was illegal and I repeated the part of the call where I was told I had viruses. I also told him I use Debian. He assured me that I had not been told that I had viruses and that none of his employees were supposed to do that. He asked for the name of the person I had spoken to and I told him "John Smith" for the hell of it. I heard typing, and after a few moments he told me he had found John Smith in his database and would speak to him.

I then told him I was contacting my secret network of spies across the United States and that if he had known what retribution his cute little scam call would bring down upon his head he might have thought twice about calling me. He acted like I was an idiot and gave me a spiel about how his company supported Windows because Microsoft refused to. At this point I was bored.

I hung up, laughed for about 5 minutes, and went back about my business.

A couple other things:--I was directed to install "C C Cleaner" by the expert. You read right. Three C's.--The expert directed me to "windowstechsupport.us", which has since been removed. It was clearly a premade template site.

Wasn't there a version of this scam back in the Win '9x days, where the oh so helpful "windows support tech" would point the user at a system DLL that happened to have a funky, somewhat scary looking icon ( IIRC a black, blotchy-looking thing).

It was actually a legitimate official MS Windows DLL. I don't recall if it was a terribly crucial DLL - in fact, I think it was fairly obscure -- but due to the "funny" icon, it was pretty easy to convince users that it didn't belong and signified a malware infestation.

Too bad(?) these guys don't call to Eastern Europe — sound like a some fun spoiling their time like you guys did and that'd be nice payback being dumbest user in the world since I do work in real tech support

Wasn't there a version of this scam back in the Win '9x days, where the oh so helpful "windows support tech" would point the user at a system DLL that happened to have a funky, somewhat scary looking icon ( IIRC a black, blotchy-looking thing).

It was actually a legitimate official MS Windows DLL. I don't recall if it was a terribly crucial DLL - in fact, I think it was fairly obscure -- but due to the "funny" icon, it was pretty easy to convince users that it didn't belong and signified a malware infestation.

Back in 2002, my boss forwarded me a email warning about some bug affecting Windows machines. Now this was my first job using Windows, but I'm not a total n00b. I googled the text of the email, and found it was a hoax.

I replied to my boss: the email is a hoax. The teddy bear icon is supposed to be there.

Ha! I got several calls from one of these guys. I now think there may be a bunch of Indian scammer companies who have slightly different scenarios. Yes, the company who's been calling me does start out by saying that he is from "Windows" -- as if that was a company. I asked where are you calling me from. He repeated "Windows" as if "Windows" was a location. I said, no I mean a place like "New Jersey". Windows is an operating system, not a place. Of course, it was clear enough that he was calling from India, but he named a state, which didn't correspond to the Area Code on my phone.

Anyway, he informed me that my computer has been sending out messages from Microsoft technical support (!), saying that it was infected. I told him that I had a Mac, but that didn't deter him. He asked whether I had a PC and I said yes. He told me that it must have been sending out these messages. I told him that it had been off for several weeks, but even that didn't faze him. He told me to turn it on, so he could resume his script!

This guy wanted me to bring up www.logmein.com so that his "technician" could take control of the PC (My old PC doesn't even work anyway, so it was impossible to follow the script any further).

It seemed that he was on the track of infecting the PC so that it can call home. but I don't know. I should have let him play with a "honeypot" PC to see where his script leads. I do have a VM copy of Win 8 that I could put to good use. If he calls again, I will try to find out what happens next, as he was far away from soliciting money.

I recieved a phone call from Indiana for the past 2 days but did not pick up they called 5 times on Thursday and 6 times on Friday. They did not leave any messages on my iPhone. Probably the same scammers that got you. But I don't pick up the phone if I don't know the number, and if they persist I just turn off my phone. If I have picked up and they tried that trick with me I would have said sorry you must have been mistaken I don't have any Window products in my household. Then hang up the phone.